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DETAILED ACTION 



1. 



This action is response to communication: filed on 09/16/2003. 



2. 



Claims 1-46 are currently pending in this application. Claims 1,11, 14-27, and 



37 are independent claims. 



3. 



The IDS received 05/07/2004 has been accepted. 



Claim Objections 



4. Claims 33-36 are objected to under 37 CFR 1 75(c), as being of improper 
dependent form for failing to further limit the subject matter of a previous claim. 
Applicant is required to cancel the claim(s), or amend the claim(s) to place the claim(s) 
in proper dependent form, or rewrite the claim(s) in independent form. As per claims 33- 
36, the applicants recite claims that are verbatim to claims 7-10. These claims do not 
further limit the invention. 



5. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

6. Claims 1-46 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 



Claim Rejections - 35 USC §112 
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As per.claims 1-46, the independent claims recite applying the service to the 
encrypted packet if it is determined that the identifier is present. It is not recited 
however the situation in which it is determined that the identifier is not present. It is 
unclear what would occur in this situation. If nothing is performed, the claim would only 
constitute the limitations of examining the packet and determining whether an identifier 
is present. In this scenario, the acts of determining and examining do not result in a 
tangible result, rendering a 101 rejection as well. Therefore, the recited claim 1 is 
unclear and indefinite. Also, it is well known in the art to examine a packet and 
determine whether an identifier is present. 

As per claims 2, 7, 8, 9, 10, 15, 20, 21, 22, 23, 28, 33, 34, 35, 38, 43, 44, 45, and 
46, claims 2, 28, and 38 recite encrypting the packet. However, the packet recited in 
the previous independent claim recites that the packet is already encrypted. It is 
unclear whether this packet is encrypted again after it is already encrypted. For 
purposes of examination, it is interpreted that an initial packet is encrypted, and this 
packet is the packet that is examined. 



Claim Rejections - 35 USC § 102 

7. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 
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(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

8. Claims 1-3, 5, 7, 11, 14-16, 18, 20, 24, 27-29, 31, 33, 34, 37-39, 41, and 43 are 
rejected under 35 U.S.C. 102(e) as being clearly anticipated by Buer et al. US Patent 
Application Publication 2004/0005061 (hereinafter '061). 

As per claim 1, '061 teaches a method for applying a service to an encrypted 
packet comprising: examining an encrypted packet (paragraph 76); determining whether 
an identifier associated with the service is present in the encrypted packet (paragraph 
76); if it is determined that the identifier is present in the encrypted packet, applying the 
service to the encrypted packet (paragraphs 76 and 77). 

As per claim 2, as best understood by the Examiner, '061 teaches encrypting the 
packet, wherein said step of encryption includes establishing said identifier in the packet 
(paragraphs 73-75) 

As per claim 3, '061 recites wherein said identifier is based on at least an Internet 
Key Exchange (IKE) ID stored in the packet (paragraph 43; paragraph 72; wherein IKE 
is an Ipsec standard protocol). 

As per claim 5, '061 teaches wherein the identifier is based on at least an entry in 
a security association database (paragraph 76). 
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As per claim 7, as best understood by the Examiner, '061 teaches wherein the 
identifier is established in a profile of the packet (paragraph 75 recites "the peer 
assembles the data in a packet, including the identifier"). 

As per claim 1 1 , '061 teaches a method for applying a service to a packet 
comprising: encrypting the packet to create an encrypted packet (paragraphs 73-75); 
examining an identifier in the encrypted packet (paragraph 76), wherein the identifier is 
based on an IKE ID of the encrypted packet (paragraph 43, 72, wherein IKE is an Ipsec 
standard protocol); determining whether the identifier in the encrypted packet is 
associated with a service to be applied to the encrypted packet (paragraph 76); and if it 
is determined that the identifier is associated with a service to be applied to the 
encrypted packet, applying the service to the encrypted packet (paragraphs 76 and 77). 

Claims 14, 15, 16, 18, 20, and 24 are rejected using the same basis of 
arguments used to reject claims 1 , 2, 3, 5, 7, and 11, respectively. '061 teaches a 
processor to perform such functions, and it is inherent that a computer processing 
system would include a computer readable medium with instructions to perform the 
steps taught. 

Independent claim 27 is rejected using the same basis of arguments used to 
reject claim 1 , wherein an apparatus and the means to perform the methods are taught 
throughout '061 . 

Claim 28 is rejected using the same basis of arguments used to reject claim 2. 
Claim 29 is rejected using the same basis of arguments used to reject claim 3. 
Claim 31 is rejected using the same basis of arguments used to reject claim 5. 
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Claim 33 is rejected using the same basis of arguments used to reject claim 7. 

Claim 34 is rejected using the same basis of arguments used to reject claim 8. 

Independent claim 37 is rejected using the same basis of arguments used to 
reject claims 1 and 14 above. Memory, processors, and instructions stored to perform 
such steps are inherent to the teachings taught in '061, and may be found, for example, 
in paragraphs 32-35, 39, 47, etc. 

Claim 38 is rejected using the same basis of arguments used to reject claims 2 
and 14 above. 

Claim 39 is rejected using the same basis of arguments used to reject claims 3 
and 15 above. 

Claim 41 is rejected using the same basis of arguments used to reject claim 5 

above. 

Claim 43 is rejected using the same basis of arguments used to reject claim 7 

above. 

Claim Rejections - 35 USC § 103 

9. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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10. Claims 4, 8, 17, 21, 30, 40, and 44 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over '061 as applied above, and in view of Piper's "The Internet IP 
Security Domain of Interpretation for ISAKMP" (November, 1998, hereinafter Piper). 

As per claim 4, '061 does not explicitly teach wherein the IKE ID comprises one 
or more of IDJPV4_ADDR, ID_FQDN, IDJJSER_FQDN, ID_IPV4_ADDR_SUBNET, 
ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, ID_IPV4_ADDR_RANGE, 
IDJPV6_ADDR_RANGE, id_DER_ASNI_DN, ID_DER_ASNI_GN, and ID_KEY_ID. 
However, these identifiers are well known in the IKE protocol, as shown in pages 19 
and 20 of Piper. 

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to include the specific identifiers taught in claim 4. One of ordinary skill in the art 
would have been motivated to perform such an addition as the identifiers that are taught 
are standard identifiers in the IPSEC protocol, in which IKE is an IPSEC standard 
protocol. This is shown in page 17 of Piper, where it indicates in 4.6.1.1 the identifiers 
in IPSEC. 

As per claim 8, Piper discusses the use of ISAKMP throughout the reference, 
such as in pages 1 and 2. 

Claims 17 and 21 are rejected using the same basis of arguments used to reject 
claims 4 and 8, respectively. '061 teaches a processor to perform such functions, and it 
is inherent that a computer processing system would include a computer readable 
medium with instructions to perform the steps taught. 

Claim 30 is rejected using the same basis of arguments used to reject claim 4. 
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Claim 40 is rejected using the same basis of arguments used to reject claims 4 
and 1 7 above. 

Claim 44 is rejected using the same basis of arguments used to reject claim 8 

above. 

11. Claims 6, 19, 32, and 42 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over '061 as applied above, and in view of Roge US Patent No. 6,721,202 
(hereinafter '202). 

As per claim 6, '061 does not explicitly teach wherein identifiers map to quality of 
service groups. However, this is taught in '202 in col. 4 line 55 to col. 5 line 19 (wherein 
a packet is processed regarding information such as identifiers relating to quality of 
service). 

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to include processing identifiers regarding quality of service. One of ordinary skill 
in the art would have been motivated to perform such an addition as quality of service 
provides different priority to different users or data flows, or guarantees a certain level of 
performance to a data flow. By processing quality of service information, the invention 
would be able to guarantee the performance of service at a certain level. 

Claims 19 is rejected using the same basis of arguments used to reject claim 6. 
'061 teaches a processor to perform such functions, and it is inherent that a computer 
processing system would include a computer readable medium with instructions to 
perform the steps taught. 
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Claim 32 is rejected using the same basis of arguments used to reject claim 6. 
Claim 42 is rejected using the same basis of arguments used to reject claim 6 

above. 

12. Claims 9, 10, 12, 22, 23, 25, 35, 36, 45, and 46 are rejected under 35 

U.S.C. 103(a) as being unpatentable over '061 as applied above, and in view of Valenci 

et al. US Patent Application Publication 2003/0005279 (hereinafter '279). 

As per claim 9, '061 does not explicitly teach pre-classification of the packet prior 
to the step of encryption. It does teach, however, associations of identifiers and session 
keys before encryption, as taught in paragraphs 73 and 74. The pre-classification of the 
packet itself is taught in '279 in paragraphs 34 and 37. 

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to include the teachings of '279 with '061 . Preclassifying a packet is important 
because it allows a data packet to be processed correctly. This is taught in paragraph 
34: "Packet classification feature 351 enables intermediate driver agent 300 to match a 
data packet with its corresponding crypto information from a table of crypto information 
so that the data packet can be processed correctly.) 

As per claim 10, '279 teaches wherein services are applied based on both 
identifiers and pre-classification (paragraph 27, 34, 35). 

Claim 12 is rejected using the same basis of arguments used to reject claims 9 
and 10 above. Pre-classifying packets based on contents of the packet is taught in 
paragraphs 34 and 37. 
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Claims 22, 23, and 25 are rejected using the same basis of arguments used to 
reject claims 9, 10, and 12, respectively. '061 teaches a processor to perform such 
functions, and it is inherent that a computer processing system would include a 
computer readable medium with instructions to perform the steps taught. 

Claim 35 is rejected using the same basis of arguments used to reject claim 9. 

Claim 36 is rejected using the same basis of arguments used to reject claim 10. 

Claim 45 is rejected using the same basis of arguments used to reject claim 9. 

Claim 46 is rejected using the same basis of arguments used to reject claim 10. 

13. Claims 13 and 26 rejected under 35 U.S.C. 103(a) as being unpatentable over 
'061 as applied above, and in view of Ylonen et al. US Patent Application Publication 
2002/0062344 (hereinafter '344). 

As per claim 13, '061 does not explicitly teach copying at least one bit into a 
header to identify a characteristic of the packet. However, this is taught in '344 in 
paragraph 1 1 . Applying a service based on the identifier is taught in '061 in paragraphs 
73-75, and applying the service based on the header value and the identifier is taught in 
paragraph 1 1 of '344. 

At the time of the invention, it would have been obvious to combine the teachings 
of '344 with '061 . Header information including at least one bit to identify a 
characteristic of a packet is well known in the art, as described in '344. As is taught in 
'344 in paragraph 1 1 , this is well known using the Ipsec protocol, and it would be 
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obvious to combine the features taught in paragraph 1 1 with the invention of '061 , as 
'061 teaches the utilization of the Ipsec protocol. 

Claims 26 is rejected using the same basis of arguments used to reject claim 1 3. 
'061 teaches a processor to perform such functions, and it is inherent that a computer 
processing system would include a computer readable medium with instructions to 
perform the steps taught. 



Conclusion 

14. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jason K. Gee whose telephone number is (571 ) 272- 
6431. The examiner can normally be reached on M-F, 7:00 am to 4:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jacques Louis-Jacques can be reached on (571) 272-6962. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Jason Gee 
Patent Examiner 
Technology Center 2134 
01/08/2007 




